BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Hackers Hijack Bonk.fun Domain, Deploy Wallet-Draining Phishing Prompt
The Bonk.fun platform warns users to avoid its site after hackers compromised an account, deploying a phishing prompt to drain wallets. The attack impacted only users who engaged with the malicious prompt, and losses were limited due to quick detection.
Decrypt50m ago
Ayush Varshney arrested, breakthrough after ten years in the pursuit of an 800 million Bitcoin Ponzi scheme
Ayush Varshney was arrested by the Indian Central Bureau of Investigation while attempting to leave the country. He is accused of involvement in the GainBitcoin scam, which has been ongoing for nearly ten years and has resulted in losses of up to 66 billion rupees. Varshney built the technical infrastructure of the scam through Darwin Labs. The case has been delayed due to the death of the mastermind and complex fund flows. If convicted, he could face many years in prison.
MarketWhisper1h ago
Bonk.fun team states that hackers hijacked accounts and implanted a coin-stealing malware on the domain
Gate News Announcement, March 12, Bonk.fun team member Tom posted an urgent warning on the X platform, advising users not to use the bonk.fun domain temporarily, as hackers have hijacked the team account and forcibly embedded a coin-stealing program on the domain.
GateNews1h ago
BONK.fun Alert: The BONK.fun domain has been compromised. Do not interact.
March 12 News: BONK.fun posted on X that malicious actors have compromised the BONKfun domain. Please do not interact with the website until the team ensures everything is secure.
GateNews2h ago
Fantasy.top Fundraising Controversy: Angel Investor Accuses of Losing Contact, Founder Claims Never to Have Used a Single Penny
The founder of Fantasy.top denies the allegations of refunds to angel investors, emphasizing that the company has been operating based on product revenue for the past two years and has not used investor funds. Some investors have stated they have not received the expected financial reports and are calling on the founder to take responsibility. The platform was once well-rated but has recently shifted to a prediction market, which still awaits further clarification from the official.
MarketWhisper2h ago
A user was hacked and lost $53,000 worth of PAXG due to signing a malicious Approve transaction.
Gate News Report, March 12 — According to GoPlus monitoring, a user was targeted by a phishing attack after signing a malicious Approve transaction, resulting in the theft of $53,000 worth of PAXG.
GateNews3h ago
